Re: Problem with stunnel in pkgsrc

[Jason Mitchell <jmitchel%bigjar.com@localhost>]

On 8/12/24 10:54 AM, Greg Troxel wrote:
> Jason Mitchell <jmitchel%bigjar.com@localhost> writes:
>
> >      I've been dealing with a problem where stunnel segfaults on every
> > connection where OCSP stapling is required. The stunnel folks just got
> > back to me and there's an easy fix -- add stack = 131072 and the
> > problem goes away. There going to fix it in the next release. Should
> > we put a warning message on the stunnel package in pkgsrc advising
> > people to add this line to their stunnel.conf file?
> It would make sense to add this to the example config file that the
> package does or should install.
>
> Or, to see what their fix is and apply it as a patch.  I wonder if their
> approach is to increase the limit, or to be less consuming of resources.
>
> ulimit -s shows
>
> stack size                  (kbytes, -s) 4096
>
> on a system where I have no memory of messing with stack size.
> That's 4 MB, which seems like quite a lot of stack.
>
> I wonder if they really mean 128 MB of stack?

Greg,

    Here's the message I sent to netbsd-users with the message from the 
stunnel developer at the bottom. Maybe it's an internal stack?


https://mail-index.netbsd.org/netbsd-users/2024/08/12/msg031635.html


    I tracked down the problem to stunnel's resolver.c (called from 
ocsp.c), but stopped when I saw that the stunnel folks had identified 
the problem and had a fix in the works as well as a workaround. If we're 
including stack = 131072 in the stunnel.conf file then we probably 
should add a comment so that people know why it's there. For example:


; The following line is necessary to work around a bug in stunnel 
related to OCSP stapling. This bug should be fixed in stunnel 5.73.

stack = 131072


    Should I file a PR?

Thanks,

Jason M.